Auditing database access in a distributed medical computing environment

ABSTRACT

Auditing database access in a distributed medical computing environment may include receiving from a user a query of one or more databases within the distributed medical administration computing environment; determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access; and if any of the results of the query require auditing access, creating an audit record and storing the audit record in an audit database.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. patent application Ser. No. 13/688,914, filed Nov. 29, 2012, which is a continuation of U.S. patent application Ser. No. 13/035,196, filed Feb. 25, 2011.

BACKGROUND OF THE INVENTION Field of the Invention

The field of the invention is data processing, or, more specifically, methods, apparatus, and products for administering medical digital images in a distributed medical digital image computing environment and auditing database access in a distributed medical computing environment.

Description of Related Art

Current medical image management systems are inflexible and do not support a model of accessing any and all medical images and database information produced across a multi-facility enterprise. This causes the data from analyzing these images to be difficult to share and difficult to produce and the auditing of accessing medical database information inflexible and difficult.

SUMMARY OF THE INVENTION

Methods, systems, and computer program products are provided for auditing database access in a distributed medical computing environment including receiving from a user a query of one or more databases within the distributed medical administration computing environment; determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access; and if any of the results of the query require auditing access, creating an audit record and storing the audit record in an audit database.

The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 sets forth a network diagram of a system for administering medical digital images in a distributed medical digital image computing environment and auditing database access in a distributed medical computing environment according to embodiments of the present invention.

FIG. 2 sets forth an example system for administering medical digital images and auditing database access in a distributed medical computing environment (200).

FIG. 3 sets forth a block diagram of an example medical image business object according to embodiments of the present invention.

FIG. 4 sets forth a block diagram of an example audit record (450) according to embodiments of the present invention.

FIG. 5 sets forth a flow chart illustrating an example method of administering medical digital images in a distributed medical digital image computing environment according to embodiments of the present invention.

FIG. 6 sets forth a flow chart illustrating and example method of administering medical digital images in a distributed medical digital image computing environment according to embodiments of the present invention.

FIG. 7 sets forth a flow chart illustrating in example method of auditing database access in a distributed medical computing environment.

FIG. 8 sets forth a block diagram of an example of a cloud computing node useful according to embodiments of the present invention.

FIG. 9 sets forth a line drawing of an example cloud computing environment.

FIG. 10 sets forth a line drawing showing an example set of functional abstraction layers provided by cloud computing environment.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Exemplary methods, systems, and products for administering medical digital images in a distributed medical digital image computing environment and auditing database access in a distributed medical computing environment in accordance with the present invention are described with reference to the accompanying drawings, beginning with FIG. 1. FIG. 1 sets forth a network diagram of a system for administering medical digital images in a distributed medical digital image computing environment and auditing database access in a distributed medical computing environment according to embodiments of the present invention. The system of FIG. 1 includes a distributed processing system implemented as a medical cloud computing environment (100). Cloud computing is a model of service delivery for enabling convenient, often on-demand network access to a shared pool of configurable computing resources such as networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services that can be rapidly provisioned and released with reduced management effort or interaction with the provider of the service. This cloud model often includes five characteristics, three service models, or four deployment models.

Characteristics of the cloud model often include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. On-demand self-service is a characteristic in which a cloud consumer can often unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the cloud service provider.

Broad network access is a characteristic describing capabilities that are available over a network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms such as mobile phones, laptops, desktop computers, PDAs, and so on as will occur to those of skill in the art.

Resource pooling is a characteristic in which the cloud service provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is often a sense of location independence in that the consumer generally has no control or knowledge over the exact location of the provided resources but may be able to specify a location at a higher level of abstraction such as the country, state, datacenter and so on.

Rapid elasticity is a characteristic in which the capabilities of the cloud computing environment can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer of the cloud computing environment, the capabilities available for provisioning often appear to be unlimited and appear to be able to be purchased in any quantity at any time.

Measured service is a characteristic in which cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service such as storage, processing, bandwidth, active user accounts, and so on. Resource usage often can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

Examples of service models often implement in the cloud computing environment include software as a service (‘SasS’), platform as a service (‘PaaS’) and infrastructure as a service (‘IaaS’). Software as a service (SaaS) typically provides the capability to the consumer to use the provider's applications running on a cloud infrastructure. The applications often are accessible from various client devices through a thin client interface such as a web browser, web-based e-mail client, and so on. The consumer often does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the common possible exception of limited user-specific application configuration settings.

Platform as a Service (PaaS) typically includes the capability provided to the consumer to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the cloud service provider. The consumer often does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Infrastructure as a Service (IaaS) typically includes the capability provided to consumers to provision processing, storage, networks, and other fundamental computing resources where the consumers are able to deploy and run arbitrary software, which can include operating systems and applications. The consumers often do not manage or control the underlying cloud infrastructure but have control over operating systems, storage, deployed applications, and possibly limited control of select networking components such as, for example, host firewalls.

Example deployment models often used in cloud computing environments include private clouds, community clouds, public clouds, and hybrid clouds. In a private cloud deployment model, the cloud infrastructure often is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premises or off-premises. In the community cloud deployment model, the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns such as, for example, mission, security requirements, policy, compliance considerations, and so on. It may be managed by the organizations or a third party and may exist on-premises or off-premises. In the public cloud deployment model, the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. In the hybrid cloud deployment model, the cloud infrastructure is a composition of two or more clouds, such as private, community, public, that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability such as, for example, cloud bursting for load-balancing between clouds.

A cloud computing environment is generally considered service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability. At the heart of cloud computing is an infrastructure comprising a network of interconnected nodes. The distributed processing computing environment of FIG. 1 includes a medical imaging cloud computing environment (100). The medical imaging cloud computing environment (100) of FIG. 1 is capable of administering medical digital images according to embodiments of the present invention. In the example of FIG. 1 the medical imaging cloud computing environment (100) includes two networks a primary integrated delivery network (150) and a DMZ network. The primary integrated delivery network of FIG. 1 is a highly secure network for administering image processing transactions upon medical images according to aspects of embodiments of the present invention. The DMZ network (152), or demilitarized zone, of FIG. 1 is a physical or logical subnetwork that contains and exposes the medical imaging cloud computing environment's external services to the larger untrusted network, such as the Internet, through which the health care provider networks (154) may access the services of the medical imaging cloud computing environment. The DMZ network (152) of FIG. 1 adds an additional layer of security to the medical imaging cloud because an external attacker only has access to equipment in the DMZ, rather than any other part of the medical imaging cloud.

The medical cloud computing environment (100) of FIG. 1 includes medical imaging cloud gateway (110) in the DMZ network (152). The medical imaging cloud gateway (110) in the DMZ network (152) includes a medical digital image communications protocol adapter (112), a module of automated computing machinery that is capable of receiving a medical digital image from a provider of medical images such as a hospital (102), MRI center (106), doctor's office, and so on as will occur to those of skill in the art. The medical digital image communications protocol adapter (112) is capable of receiving the medical image according to any number of protocols supported by the providers of the medical images such as DICOM, HL7, and others as will occur to those of skill in the art.

The DICOM (‘Digital Imaging and Communications in Medicine’) is a standard for handling, storing, printing, and transmitting information in medical imaging. DICOM includes a file format definition and a network communications protocol. The communication protocol is an application protocol that uses TCP/IP to communicate between systems. DICOM files can be exchanged between two entities that are capable of receiving image and patient data in DICOM format. DICOM enables the integration of scanners, servers, workstations, printers, and network hardware from multiple manufacturers into a picture archiving and communication system (PACS).

HL7 (‘Health Level Seven’) is an all-volunteer, non-profit organization involved in development of international healthcare standards. HL7 is also used to refer to some of the specific standards created by the organization. HL7 and its members provide a framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information.

In the example of FIG. 1 a medical image is created by scanner (104) in a hospital (102) and sent to the medical imaging cloud gateway (110) according to a protocol supported by the hospital (102). Often such medical images range in size from 50 to 500 kilobytes, but they can be both bigger and smaller. Each image is often called a slice and often many slices together make a series of images that are processed together for medical treatment. A series may contain a single image or thousands of images.

Examples of scanners useful in producing medical images according to embodiments of the present invention include magnetic resonance scanners, computed tomography scanners, digital radiography scanners and many others as will occur to those of skill in the art. Many manufacturers produce such scanners such as General Electric, Siemens, and others.

The example of a scanner (104) in a hospital (102) is for explanation and not for limitation. In fact, medical images that may be administered according to embodiments of the present invention may be created in any health care setting such as clinics, Mill centers (106), doctor's offices (108) and many others as will occur to those of skill in the art.

The medical digital image communications protocol adapter (112) of FIG. 1 receives a request for an image processing transaction to process the medical digital image. The request is transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a producer of the medical images. The request may be received according to any number of protocols supported by the provider of the digital image such as DICOM, HL7, and others as will occur to those of skill in the art. The request received in the medical digital image protocol adapter (112) contains a medical image to be processed, metadata describing the medical image, and an identification of the processing to be performed on the image.

An image processing transaction is request to perform one or more image processing workflows on one or more medical images in the medical imaging cloud computing environment. A workflow is typically implemented as one or more services, reusable components of data processing. The services of the workflow are bound together and executed to carry out the workflow. Such workflows often include analytics for tumor detection, tumor growth, aneurysm detection, vessel separation in a patient's head, and many other medical conditions, workflows for image compression, image resolution, distribution of images, and many other workflows for medical image processing that will occur to those of skill in the art.

The medical digital image communications protocol adapter (112) of FIG. 1 parses the request according to the contents of the request and the structure of the request defined by the protocol and standard in which the request was created and extracts one or more the medical images associated with the request and metadata describing the request and the medical images. The medical digital image communications protocol adapter (112) of FIG. 1 creates, in dependence upon classification rules and the contents of the request, a medical image business object representing the business transaction. A medical image business object is a data structure that represents the requested business transaction, includes metadata describing the request and the medical images processed in the requested transaction. The medical image business object has predefined structure. In some embodiments the medical image business object may be implemented as an XML file or other structured documents.

Classification rules are rules that are tailored to parsing the request according to the protocol and standard in which in which the request was created to extract medical images and metadata. The classification rules are also tailored to develop the medical image business object by including the extracted images and metadata in a predefined structure in the medical image business object. Classification rules allow for disparate metadata, arriving in disparate protocols and standards to be read, understood classified and organized according to a defined structure for the medical image business object.

In the example of FIG. 1, the medical image communications protocol adapter (112) sends the medical image business object to a medical digital image transaction cluster (120) that stores the storing the medical image business object in the medical image metadata database.

In the example of FIG. 1, the medical image communications protocol adapter (112) may store the medical images (114) locally in a medical image repository on the medical imaging gateway or the medical image communications protocol adapter (112) may send the medical images (114) to the medical digital image transaction cluster (120) which may store the images in a medical image repository (122) in the primary integrated delivery network (150).

The medical digital image transaction cluster (120) of FIG. 1 selects, in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image. Workflow selection rules are rules that are tailored to carrying out the image processing transaction on the medical images and the medical image business object according to the request received by the health care provider. Such workflow selection rules identify the necessary requirements of the transaction and select workflows having services that carry out those requirements as well as select workflows that are tailored for the attributes of those images such as the slice size, number of slices, type of scanner used to create the images, standards used for the images and many others as will occur to those of skill in the art. Workflows may include analytics for tumor detection, tumor growth, aneurysm detection, vessel separation in a patient's head, and many other medical conditions, workflows for image compression, image resolution, distribution of images, and many other workflows for medical image processing that will occur to those of skill in the art.

The medical digital image transaction cluster (120) of FIG. 1 process the medical image of the request with the medical analytic workflows, thereby creating a resultant business object (126) and resultant medical image (126). Processing the medical image is typically carried out by executing the selected medical analytic workflows and creating results for transmission to the health care provider.

The medical digital image transaction cluster (120) of FIG. 1 routes, in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination. Examples of destinations in FIG. 1 include the hospital (102), MRI center (106), and a doctor's office (108) each in one or more networks for health care providers (154). The example destinations of FIG. 1 are for explanation and not for limitation. In fact, embodiments of the present invention may route the resultant medical image to many different destinations such as other hospitals, clinics, houses of doctors, patients, technicians, workstations, PDAs and many others as will occur to those of skill in the art.

Content routing rules are rules dictating the manner in which resultant medical images are routed to the destination. Such rules are often based on the content of the resultant medical image such that the image is routed to an appropriate health care provider in a manner that conforms to both security and privacy. Often the destination of the image is a different location, logical or physical, from the provider of the original medical image prior to its being processed by the medical digital image transaction cluster. Content routing rules may also dictate the manner in which the health care provider may access the resultant medical images and who may access such images.

Routing the resultant medical image to a destination according to the example of FIG. 1 includes extracting metadata from the resultant business object, creating a response to the request the response conforming to a particular digital image communications protocol used for the destination, and transmitting the response according to the particular digital image communications protocol supported by the destination such as, for example, DICOM, HL7, and others as will occur to those of skill in the art.

Routing the resultant medical image to a destination according to the example of FIG. 1 may include storing the resultant medical image on a gateway within the medical digital image computing environment assigned to a destination of the medical image and transmitting the response according to the particular digital image communications protocol further comprises transmitting in the response data access information to access the resultant medical image on the gateway.

Routing the resultant medical image to a destination also often includes sending a notification describing the resultant medical image to the destination. Examples of a such a notification may be an email message or a text message to a health care provider notifying the health care provider that the response to the request is ready for viewing or that the workflows processing the medical images identified aspects of the images that are consistent with a medical condition such as tumor, aneurism, vessel separation, and so on as will occur to those of skill in the art.

In the example of FIG. 1, the original business objects and original medical images may be stored such that at a later time the new medical image business objects may be created in dependence upon the classification rules and attributes of the selected business object. In such embodiments one or more medical analytic workflows to process the medical image may be selected and used to process the medical images differently.

Medical cloud computing environment (100) of FIG. 1 is not limited to administering medical images. The medical cloud computing environment (100) has a number of databases (116, 122, 124, 172, 178) that include medical images, metadata for medical images, patient information, audit information and so on as will occur to those of skill in the art. Each of these databases is capable of being queried in the example of FIG. 1 through the medical imaging gateway (110) with a query transmitted according to a protocol supported by a heath care provider. The medical cloud computing environment (100) of FIG. 1 also audits database access according to embodiments of the present invention.

In the example of FIG. 1, the medical imaging gateway (110) receives from a user a query (174) of one or more databases (116, 122, 124, 172, 178) within the distributed medical administration computing environment. The medical imaging gateway (100) is capable of receiving the query according to a number of protocols and creating a query for the specific databases within the medical cloud computing environment (100) of FIG. 1 and providing the query to the medical digital imaging transaction cluster to carry out the query, often as one or more workflows or services.

An audit manager (236) in the medical digital image transaction cluster (120) of FIG. 1 determines in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access. The access of confidential and private information is often subject to auditing both by policy and by law. For example, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 includes privacy rules that regulate the use and disclosure of certain information held by covered entities such as health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions. These privacy rules establish regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual. PHI is often interpreted rather broadly and may include any part of an individual's medical record or payment history.

Audit policies are rules governing the type of information whose access is to be audited in the medical cloud computing environment (100) of FIG. 1. Such audit policies may be established voluntarily by the providers of the medical cloud computing environment, by law, or in other ways as will occur to those of skill in the art. Often an audit policy specifies one of several actions to take as a function of one or more of conditions. Examples of actions that may be taken include:

-   -   Capturing specific information from the query in an audit record     -   Notifying one or more individuals of the query being attempted         via email or some other communication protocol;     -   Withholding a specific subset of information returned from the         query—this could be specific rows or entities selected by the         query or specific columns or attributes of information         associated with each selected entity;     -   Withholding all results of the query;     -   Anonymizing certain portions of the query result set;     -   And others as will occur to those of skill in the art.         Examples of conditions causing such available actions include:     -   Presence of one or more specific fields/attributes in the query         result;     -   Presence of a specific combination of fields/attributes in the         query result;     -   Absence of one or more specific fields/attributes in the query         result;     -   Presence of one or more specific fields/attributes and the         absence of one or more specific fields/attributes in the query         result;     -   Presence of one or more values associated with a field/attribute         in the query result;     -   Individual that is issuing the query such that. privileged users         may be able to retrieve more results without audit consequences         than less privileged users;     -   Where the query is being issued from;     -   And others as will occur to those of skill in the art.

If any of the results of the query require auditing access, the audit manager of (236) creates an audit record (170) and stores the audit record (170) in an audit database (172). Creating an audit record (170) and storing the audit record (170) in an audit database (172) may be carried out through workloads and services provided by the medical digital image transaction cluster (120) of FIG. 1.

The arrangement of servers and other devices making up the exemplary system illustrated in FIG. 1 are for explanation, not for limitation. Data processing systems useful according to various embodiments of the present invention may include additional servers, routers, other devices, peer-to-peer architectures, databases containing other information, not shown in FIG. 1, as will occur to those of skill in the art. Networks in such data processing systems may support many data communications protocols, including for example TCP (Transmission Control Protocol), IP (Internet Protocol), HTTP (HyperText Transfer Protocol), WAP (Wireless Access Protocol), HDTP (Handheld Device Transport Protocol), and others as will occur to those of skill in the art. Various embodiments of the present invention may be implemented on a variety of hardware platforms in addition to those illustrated in FIG. 1.

For further explanation, FIG. 2 sets forth an example system for administering medical digital images and auditing database access in a distributed medical computing environment (200). The medical computing environment of FIG. 2 includes two networks, a DMZ network (152) and a primary integrated delivery network (105). The distributed medical computing environment (200) administers medical digital images for a number of health care providers who provide medical images and receive the results of imaging transactions processed on those medical images and audits database access in the distributed medical computing environment according to embodiments of the present invention. The distributed medical computing environment may be implemented as a cloud computing environment that is accessible to the health care providers through the health care provider networks (154).

The example distributed medical image computing environment (200) of FIG. 2 includes a medical gateway (110), a module of automated computing machinery that includes a DICOM adapter (210), an HL7 adapter (212), generic other protocol adapter, a metadata extraction module (216) and a medical image business object creation module (218). The medical imaging gateway (110) of FIG. 2 receives, in one of the medical digital image communications protocol adapter (210, 212, 214), a request for an image processing transaction to process the medical digital image. The request contains a medical image to be processed, metadata describing the medical image, and an identification of the processing to be performed on the image.

Alternatively the medical imaging gateway may also receive from a user a query of one or more databases within the distributed medical computing environment (200). The medical imaging gateway (110) is capable of receiving the query according to a number of protocols and creating a query for the specific databases within the medical computing environment (200) of FIG. 1 and providing the query to the medical digital imaging transaction cluster to carry out the query, often as one or more workflows or services.

The request is transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a producer of the medical images. In the example of medical imaging gateway (110) is capable of receiving a request for an image processing transaction from a health care provider (204) according to the DICOM standard, a health care provider (206) that produces medical images according to the HL7 standard, or some other health care providers (208) using other protocols and standards for creating and transmitted medical digital images.

The DICOM adapter (210) is capable of receiving and parsing the request according to the DICOM standard, the HL7 Adapter (212) is capable of receiving and parsing a request according the HL7 standard, and the generic other protocol adapter (214) is capable of receiving and parsing the request according to some other protocol that will occur to those of skill in the art. Similarly, the DICOM adapter (210) is capable of receiving and parsing a database query according to the DICOM standard, the HL7 Adapter (212) is capable of receiving and parsing a database query according the HL7 standard, and the generic other protocol adapter (214) is capable of receiving and parsing a database query according to some other protocol that will occur to those of skill in the art.

The metadata extraction module (216) of FIG. 1 extracts the metadata from the parsed request according to the standards and protocol used to create and transmit the request and provides the extracted metadata to the medical image business object creation module that creates, in dependence upon classification rules and the contents of the request, a medical image business object (112) representing the business transaction. The medical image business object includes a predefined structure and may be implemented as a structured document such as an XML document.

The medical imaging gateway (110) of FIG. 2 sends the medical image business object (112) to a medical image transaction cluster (120) in the primary integrated delivery network. The medical image transaction cluster (120) includes a workflow dispatcher (228), a medical image metadata database (230), a medical image repository (122), a security module (232), and a medical imaging cloud computing administration and configuration module (238). The workflow dispatcher (228) receives the medical image business object and stores the medical image business object (112) in the medical image metadata database (230) and stores the medical image in the medical image repository (122). The workflow dispatcher (228) of FIG. 2 includes a workflow selector (222) that select, in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image.

The workflow dispatcher (228) processes the medical image of the request with the medical analytic workflows, thereby creating a resultant business object and resultant medical image. The workflow dispatcher (228) routes, in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination.

The workflow dispatcher (228) of FIG. 2 routes the resultant medical image to a destination by extracting metadata from the resultant business object, creating a response to the request the response conforming to a particular digital image communications protocol used for the destination, and transmitting the response according to the particular digital image communications protocol.

The workflow dispatcher (228) of FIG. 2 may route the resultant medical image to a destination by storing the resultant medical image on the medical imaging gateway (110) assigned to the destination of the medical image. The workflow dispatcher may then transmit in the response data access information to access the resultant medical image on the gateway. A health care provider may then view the resultant medical images using the viewer server (220) in the DMZ network (152) through the use of a viewer client (202) at the health care providers location.

As mentioned above, the distributed medical computing environment is also capable of auditing database access according to embodiments of the present invention. In the example of FIG. 1, a query creation module (110) receives from one of the adapters (210, 212, and 214) a query from a user of one or more databases within the distributed medical computing environment. The query creation module (270) of FIG. 2 creates a query for the specific databases within the distributed medical computing environment and provides the query to the workflow dispatcher (228) that selects a workflow or service to carry out the query and calls an audit manager (236) in the security module (232). The security module implements security policies for the distributed medical computing environment (200).

An audit manager (236) of FIG. 2 determines in dependence upon audit policies (234) for the distributed medical computing environment whether any of the results of the query require auditing access. Audit policies are rules governing the type of information whose access is to be audited in the medical computing environment (200) of FIG. 2. Such audit policies may be established voluntarily by the providers of the medical cloud computing environment, by law, or in other ways as will occur to those of skill in the art.

If any of the results of the query require auditing access, the audit manager of (236) of FIG. 2 creates an audit record and stores the audit record in an audit database (172). In some embodiments of the present invention, creating an audit record and storing the audit record in an audit database may be carried out by calling the workflow dispatcher to select and execute workloads.

The distributed medical computing environment (200) of FIG. 2 includes an administration and configuration module that receives and implements administration and configuration policies for the distributed medical computing environment.

For further explanation, FIG. 3 sets forth a block diagram of an example medical image business object (118) according to embodiments of the present invention. The medical image business object (118) of FIG. 3 includes a request ID (302) that includes an identification of the particular request for a medical image processing transaction and a request Type (304) that identifies the kind of image processing transaction being requested. The medical image business object (118) of FIG. 3 also includes an action ID (306) identifying a particular action or workflow to be executed in the image processing transaction. The medical image business object (118) of FIG. 3 provider ID (308) identifying the provider of the medical images to be processed in the image transaction. The medical image business object (118) of FIG. 3 includes image provider protocol (338) that identifies the protocol and standard in which the images and request were created such as DICOM, HL7, and so on as will occur to those of skill in the art.

The medical image business object (118) of FIG. 3 includes a patient ID (310) that identifies the patient. Such an identification may include a name, social security number or other unique identification of the patient. The medical image business object (118) of FIG. 3 includes a physician ID (312) identifying a physician associated with the patient and a technician ID (314) identifying one or more technician that performed the scan to create the medical images associated with the request.

The medical image business object (118) of FIG. 3 include a scanner ID (316) identifying the scanner used to produce the medical images associated with the request. Such an identification may include a manufacturer name, serial number of the scanner or any other identification that will occur to those of skill in the art. The medical image business object (118) of FIG. 3 also includes a scanner type (318) identifying the type of scanner such as magnetic resonance scanners, computer tomography scanners, digital radiography scanners and so forth as will occur to those of skill in the art.

The medical image business object (118) of FIG. 3 includes an image ID (320) identifying the medical image. Such an image ID may also identify the image and the series of images of which the image is a part. The medical image business object (118) of FIG. 3 includes an image type (322) that identifies the type of image. The type of image may also identify the type of images in a series of images.

The medical image business object (118) of FIG. 3 includes a patient location (324) identifying the location of the patient and a destination location (326) identifying the location to which the processed resultant medical images and associated notifications are to be sent.

The medical image business object (118) of FIG. 3 includes a receiving gateway ID (328) identifying the medical imaging gateway in the medical imaging cloud computing environment in which the request for the imaging transaction was received and the destination gateway ID (330) identifying the medical imaging gateway in the medical imaging cloud computing environment to which the response and resultant processed images and notifications are to be sent.

The medical image business object (118) of FIG. 3 includes a original image pointer (332) that points to the original images or series of images in data storage in the medical imaging cloud computing environment. In some embodiments, the original images may be stored on the medical imaging gateway that received the request for the transaction. The medical image business object (118) of FIG. 3 includes an interim image pointer (334) that points to the current state of an image or series of images during the execution of the imaging transaction. Such images may be interim in the sense that some of the workflows for the images have been executed but the image transaction is not complete. The medical image business object (118) of FIG. 3 includes a resultant image pointer (336) that points to the resultant image after completion of the image transaction.

The fields and structure of the medical image business object (118) of FIG. 3 are for explanation and not for limitation. Audit records useful in embodiments of the present invention may include many different fields and different structure as will occur to those of skill in the art.

For further explanation, FIG. 4 sets forth a block diagram of an example audit record (450) according to embodiments of the present invention. The audit record (450) includes a query ID (452) uniquely identifying the query. The audit record (450) of FIG. 4 includes a query (454) field that includes the query received and parsed from the user. The audit record (450) of FIG. 4 also includes a user ID (456) field that identifies the user that made the query and a sensitive fields ID (458) that identifies the fields in the query that caused the audit record to be created and stored in the audit database. The audit record (450) of FIG. 4 also includes a time (460) and location (462) that identifies the time the user made the query and from where the query originated or was received.

The fields and structure of the audit record (450) of FIG. 4 are for explanation and not for limitation. Audit records useful in embodiments of the present invention may include many different fields and different structure as will occur to those of skill in the art.

For further explanation, FIG. 5 sets forth a flow chart illustrating an example method of administering medical digital images in a distributed medical digital image computing environment according to embodiments of the present invention. In some embodiments, the distributed medical digital image computing environment is implemented as a cloud computing environment. The medical digital image computing environment includes a medical digital image communications protocol adapter, a medical image metadata database, a medical image repository, and a medical image transaction workflow dispatcher.

The method of FIG. 5 includes receiving (402), in the medical digital image communications protocol adapter, a request for an image processing transaction to process one or more of the medical digital images. The request contains a medical image to be processed, metadata describing the medical image, and an identification of the processing to be performed on the image. The request is also transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a producer of the medical images.

The method of FIG. 5 includes creating (404), in dependence upon classification rules and the contents of the request, a medical image business object representing the business transaction, the medical image could business object including a predefined structure. Classification rules are rules that are tailored to parsing and identifying the type of request according to the protocol and standard in which in which the request was created to extract medical images and metadata. The classification rules are also tailored to develop the medical image business object by including the extracted images and metadata in a predefined structure in the medical image business object. Classification rules allow for disparate metadata, arriving in disparate protocols and standards to be read, understood classified and organized according to a defined structure for the medical image business object.

Creating (404), in dependence upon classification rules and the contents of the request, a medical image business object representing the business transaction according to the method of FIG. 5 may be carried out by extracting from the request metadata describing the image according to the medical image communications protocol of the request and conforming the metadata to the predefined structure of the medical image business object;

The method of FIG. 5 also includes storing (406) the medical image business object in the medical image metadata database. Storing (406) the medical image business object in the medical image metadata database may include storing the medical image business object locally on a medical imaging gateway or providing the business object for storage elsewhere in the distributed processing system.

The method of FIG. 5 also includes storing (408) the medical image in the medical image repository. Storing (408) the medical image in the medical image repository according to the method of FIG. 5 may include maintaining (409) the medical image on a gateway within the medical digital image computing environment assigned to the producer of the medical image.

The method of FIG. 5 also includes selecting (410), in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image. Workflow selection rules are rules that are tailored to carrying out the image processing transaction on the medical images and the medical image business object according to the request received by the health care provider. Such workflow selection rules identify the necessary requirements of the transaction and select workflows having services that carry out those requirements as well as select workflows that are tailored for the attributes of those images such as the slice size, number of slices, type of scanner used to create the images, standards used for the images and many others as will occur to those of skill in the art. Workflows may include analytics for tumor detection, tumor growth, aneurysm detection, vessel separation in a patient's head, and many other medical conditions, workflows for image compression, image resolution, distribution of images, and many other workflows for medical image processing that will occur to those of skill in the art.

The method of FIG. 5 also includes processing (412) the medical image of the request with the medical analytic workflows, thereby creating a resultant business object and resultant medical image. Processing (412) the medical image of the request with the medical analytic workflows may be carried out by executing the selected workloads on the medical images and the medical image business model associated with the requested image processing transaction.

The method of FIG. 5 also includes routing (414), in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination. Content routing rules are rules dictating the manner in which resultant medical images are routed to the destination. Such rules are often based on the content of the resultant medical image such that the image is routed to an appropriate health care provider in a manner that conforms to both security and privacy. Often the destination of the image is a different location, logical or physical, from the provider of the original medical image prior to its being processed by the medical digital image transaction cluster. Content routing rules may also dictate the manner in which the health care provider may access the resultant medical images and who may access such images.

Routing (414) the resultant medical image according to the method of FIG. 5 may include extracting metadata from the resultant business object, creating a response to the request the response conforming to a particular digital image communications protocol used for the destination, and transmitting the response according to the particular digital image communications protocol. Routing (414) the resultant medical image to a destination may also include storing the resultant medical image on a gateway within the medical digital image computing environment assigned to the producer of the medical image and transmitting the response according to the particular digital image communications protocol further comprises transmitting in the response data access information to access the resultant medical image on the gateway.

Routing (414), in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination according to the method of FIG. 5 also includes sending (414) a notification describing the resultant medical image to the destination. Examples of a such a notification may be an email message or a text message to a health care provider notifying the health care provider that the response to the request is ready for viewing or that the workflows processing the medical images identified aspects of the images that are consistent with a medical condition such as tumor, aneurism, vessel separation, and so on as will occur to those of skill in the art.

For further explanation, FIG. 6 sets forth a flow chart illustrating and example method of administering medical digital images in a distributed medical digital image computing environment according to embodiments of the present invention. The method of FIG. 6 is similar to the method of FIG. 4 in that the method of FIG. 6 includes receiving (402), in the medical digital image communications protocol adapter, a request for an image processing transaction to process the medical digital image, creating (404), in dependence upon classification rules and the contents of the request, a medical image business object representing the business transaction, the medical image could business object including a predefined structure; storing (406) the medical image business object in the medical image metadata database; storing (408) the medical image in the medical image repository; selecting (410), in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image; processing (412) the medical image of the request with the medical analytic workflows, thereby creating a resultant business object and resultant medical image; and routing (414), in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination.

The method of FIG. 6 differs from the method of FIG. 4 in that in the method of FIG. 6 creating (404), in dependence upon classification rules, and the contents of the request a medical image business object representing the business transaction further comprises selecting (502) a medical image business object created from different classification rules from a database and creating (504) a new medical image business object in dependence upon the classification rules and attributes of the selected business object.

In the method of FIG. 6 selecting (410), in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image includes selecting (506), in dependence upon workflow selection rules and the attributes of the new medical image business object, one or more medical analytic workflows to process the medical image.

For further explanation, FIG. 7 sets forth a flow chart illustrating in example method of auditing database access in a distributed medical computing environment. The method of FIG. 7 includes receiving (702) from a user a query of one or more databases within the distributed medical administration computing environment. Receiving (702) from a user a query of one or more databases within the distributed medical administration computing environment may be carried out by receiving a query from a user according to protocol used by a health care provider, parsing the query, and creating a query for use with a database in the distributed medical computing environment.

The method of FIG. 7 also includes determining (704) by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access. Determining (704) by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access may be carried out by returning to an audit manager the results of the query and determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access. Such results may identify patient information or other information that requires auditing. In such embodiments, the query is actually performed and determining (704) whether any of the results of the query require auditing access is performed in dependence upon the results.

Determining (704) by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access may alternatively include determining from the query itself whether results would require auditing access. In such embodiments, the type of results that are to be returned from the query are inferred from the query itself and a determination whether to audit the query may be made prior to executing the query itself.

If any of the results of the query require auditing access, the method of FIG. 7 includes creating (710) an audit record. Creating (710) an audit record may be carried out by creating a data structure having predetermined fields useful in auditing database queries.

The method of FIG. 7 also includes storing (712) the audit record in an audit database. Storing (712) the audit record in an audit database may include storing the audit record locally in a database or transmitting the audit record to a predetermined auditing facility to be stored.

The example method of FIG. 7 includes an alternative step of withholding (714) the results of the query if any of the results of the query require auditing access. Withholding (714) the results of the query if any of the results of the query require auditing access may be carried out by withholding the results of a query entirely, failing to perform the query, withholding a portion of the results, redacting results of the query that causes the query to be audited, or withholding results in other ways as will occur to those of skill in the art.

The example method of FIG. 7 includes an alternative step of providing (716) a notification of the query if any of the results of the query require auditing access. In some embodiments of the present invention, such a notification may be in the form of a message sent to a security administrator or other predetermined location or person designated for auditing database queries. Such a message may include the audit record, a description of the query, information contained in either the query or the audit record, or any other information that will occur to those of skill in the art.

As mentioned above, a cloud computing environment useful in embodiments of the present invention is generally considered service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability. At the heart of cloud computing is an infrastructure comprising a network of interconnected nodes. For further explanation, FIG. 8 sets forth a block diagram of an example of a cloud computing node useful according to embodiments of the present invention. Cloud computing node (10) is only one example of a suitable cloud computing node and is not intended to suggest any limitation as to the scope of use or functionality of embodiments of the invention described herein. Regardless, cloud computing node (10) is capable of being implemented and/or performing any of the functionality set forth hereinabove.

In cloud computing node (10) there is a computer system/server (12), which is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server (12) include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices, and the like.

Computer system/server (12) may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types. Computer system/server (12) may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.

As shown in FIG. 8, computer system/server (12) in cloud computing node 10 is shown in the form of a general-purpose computing device. The components of computer system/server (12) may include, but are not limited to, one or more processors or processing units (16), a system memory (28), and a bus (18) that couples various system components including system memory (28) to processor (16).

Bus (18) in the example of FIG. 8 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnects (PCI) bus.

Computer system/server (12) of FIG. 8 often includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server (12), and it includes both volatile and non-volatile media, removable and non-removable media.

System memory (28) in the example of FIG. 8 can include computer system readable media in the form of volatile memory, such as random access memory (RAM) (30) and/or cache memory (32). Computer system/server (12) may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, storage system (34) can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a “hard drive”). Although not shown, a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a “floppy disk”), and an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM or other optical media can be provided. In such instances, each can be connected to bus 18 by one or more data media interfaces. As will be further depicted and described below, memory (28) may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.

The example of FIG. 8 includes a program/utility (40), having a set (at least one) of program modules 42, may be stored in memory (28) by way of example, and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment. Program modules 42 generally carry out the functions and/or methodologies of embodiments of the invention as described herein.

The computer system/server (12) of FIG. 8 may also communicate with one or more external devices (14) such as a keyboard, a pointing device, a display (24), etc.; one or more devices that enable a user to interact with computer system/server (12); and/or any devices (e.g., network card, modem, etc.) that enable computer system/server (12) to communicate with one or more other computing devices. Such communication can occur via I/O interfaces (22). Still yet, computer system/server (12) can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via network adapter (20). As depicted, network adapter (20) communicates with the other components of computer system/server (12) via bus 18. It should be understood that although not shown, other hardware and/or software components could be used in conjunction with computer system/server (12). Examples, include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc.

For further explanation, FIG. 9 sets forth a line drawing of an example cloud computing environment (50). The cloud computing environment (50) of FIG. 6 comprises one or more cloud computing nodes (10) with which local computing devices used by cloud consumers, such as, for example, personal digital assistant (PDA) or cellular telephone (54A), desktop computer (54B), laptop computer (54C), and/or automobile computer system (54N) may communicate. Nodes (10) may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as private, community, public, or hybrid clouds as described hereinabove, or a combination thereof. This allows cloud computing environment (50) to offer infrastructure, platforms and/or software as services for which a cloud consumer does not need to maintain resources on a local computing device. It is understood that the types of computing devices (54A-N) shown in FIG. 9 are intended to be illustrative only and that computing nodes (10) and cloud computing environment (50) can communicate with any type of computerized device over any type of network and/or network addressable connection (e.g., using a web browser).

For further explanation, FIG. 10 sets forth a line drawing showing an example set of functional abstraction layers provided by cloud computing environment (50 in FIG. 7). It should be understood in advance that the components, layers, and functions shown in FIG. 10 are intended to be illustrative only and embodiments of the invention are not limited thereto. As depicted, the following layers and corresponding functions are provided:

The example of FIG. 10 includes a hardware and software layer (60). Hardware and software layer (60) in the example of FIG. 10 includes hardware and software components. Examples of hardware components include mainframes, in one example IBM® zSeries® systems; RISC (Reduced Instruction Set Computer) architecture based servers, in one example IBM pSeries® systems; IBM xSeries® systems; IBM BladeCenter® systems; storage devices; networks and networking components. Examples of software components include network application server software, in one example IBM Web Sphere® application server software; and database software, in one example IBM DB2® database software. (IBM, zSeries, pSeries, xSeries, BladeCenter, WebSphere, and DB2 are trademarks of International Business Machines Corporation registered in many jurisdictions worldwide)

The example of FIG. 10 includes a virtualization layer (62). The virtualization layer (62) of FIG. 10 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers; virtual storage; virtual networks, including virtual private networks; virtual applications and operating systems; and virtual clients.

The example of FIG. 10 also includes a management layer (64). The management layer (64) may provide the functions described below. Resource provisioning provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment. Metering and Pricing provide cost tracking as resources are utilized within the cloud computing environment, and billing or invoicing for consumption of these resources. In one example, these resources may comprise application software licenses. Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources. User portal provides access to the cloud computing environment for consumers and system administrators. Service level management provides cloud computing resource allocation and management such that required service levels are met. Service Level Agreement (SLA) planning and fulfillment provide pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA.

The example of FIG. 10 also includes a workflows layer (66). The workflows layer (66) of FIG. 10 provides examples of functionality for which the cloud computing environment may be utilized. Examples of workflows and functions which may be provided from this layer include: mapping and navigation; software development and lifecycle management; virtual classroom education delivery; data analytics processing; and transaction processing.

The workflows layer (66) includes administering medical digital images according to embodiments of the present invention include receiving, in the medical digital image communications protocol adapter, a request for an image processing transaction to process the medical digital image, the request containing a medical image to be processed, metadata describing the medical image, and an identification of the processing to be performed on the image; and wherein the request is transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a producer of the medical images; creating, in dependence upon classification rules and the contents of the request, a medical image business object representing the business transaction, the medical image could business object including a predefined structure; storing the medical image business object in the medical image metadata database; storing the medical image in the medical image repository; selecting, in dependence upon workflow selection rules and the attributes of the medical image business object, one or more medical analytic workflows to process the medical image; processing the medical image of the request with the medical analytic workflows, thereby creating a resultant business object and resultant medical image; routing, in dependence upon content routing rules and the attributes of the resultant business object, the resultant medical image to a destination wherein routing the resultant medical image includes extracting metadata from the resultant business object, creating a response to the request the response conforming to a particular digital image communications protocol used for the destination, and transmitting the response according to the particular digital image communications protocol.

The workflows layer (66) includes database audit administration including auditing database access in a distributed medical computing environment according to embodiments of the present invention including receiving from a user a query of one or more databases within the distributed medical administration computing environment; determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access; and if any of the results of the query require auditing access, creating an audit record and storing the audit record in an audit database.

As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).

Aspects of the present invention are described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.

The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowcharts and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims. 

What is claimed is:
 1. A method of auditing database access in a distributed medical computing environment, the method comprising: receiving, by an audit manager responsive to a user query of one or more databases within the distributed medical computing environment, results of the query; determining by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before presenting to the user, any portions of the results of the query to the user, the audit policies specifying one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query; and in response to a determination that any portion of the results of the query require auditing access: storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, transmitting the audit record to a predetermined auditing facility to be stored, and withholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.
 2. The method of claim 1 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises: returning to an audit manager the results of the query; and determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access.
 3. The method of claim 2 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises determining from the query itself whether results would require auditing access.
 4. The method of claim 3 wherein the distributed medical computing environment including a medical digital image communications protocol adapter, a medical image metadata database, a medical image repository, and a medical image transaction workflow dispatcher, and wherein the computer memory further includes computer program instructions that, when executed by the computer processor, cause the system to carry out the steps of: receiving from the user the query of the one or more databases within the distributed medical administration computing environment including receiving, in the medical digital image communications protocol adapter, a query transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by the user; and creating an audit record and storing the audit record in an audit database further comprises selecting by the workflow dispatcher audit workflows and executing the audit workflows.
 5. A system for auditing database access in a distributed medical computing environment, the system comprising one or more computer processors and computer memory coupled to the computer processors, the computer memory including computer program instructions that, when executed by the computer processor, cause the system to carry out the steps of: receiving, by an audit manager responsive to a user query of one or more databases within the distributed medical computing environment, results of the query; determining by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before presenting to the user, any portions of the results of the query to the user, the audit policies specifying one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query; and in response to a determination that any portion of the results of the query require auditing access: storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, transmitting the audit record to a predetermined auditing facility to be stored, and withholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.
 6. The system of claim 5 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises: returning to an audit manager the results of the query; and determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access.
 7. The system of claim 5 wherein determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises determining from the query whether results would require auditing access.
 8. The system of claim 5 wherein the distributed medical computing environment including a medical digital image communications protocol adapter, a medical image metadata database, a medical image repository, and a medical image transaction workflow dispatcher, and wherein the computer memory further includes computer program instructions that, when executed by the computer processor, cause the system to carry out the steps of: receiving from the user the query of the one or more databases within the distributed medical administration computing environment including receiving, in the medical digital image communications protocol adapter, a query transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by the user; and creating an audit record and storing the audit record in an audit database further comprises selecting by the workflow dispatcher audit workflows and executing the audit workflows.
 9. A computer program product for auditing database access in a distributed medical computing environment, the computer program product disposed upon a non-transitory computer readable storage medium, the computer program product comprising computer program instructions that, when executed, cause a computer to carry out the steps of: receiving, by an audit manager responsive to a user query of one or more databases within the distributed medical computing environment, results of the query; determining by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before presenting to the user, any portions of the results of the query to the user, the audit policies specifying one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query; and in response to a determination that any portion of the results of the query require auditing access: storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, transmitting the audit record to a predetermined auditing facility to be stored, and withholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.
 10. The computer program product of claim 9 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises: returning to an audit manager the results of the query; and determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access.
 11. The computer program product of claim 9 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises determining from the query whether results would require auditing access.
 12. The computer program product of claim 9 wherein the distributed medical computing environment including a medical digital image communications protocol adapter, a medical image metadata database, a medical image repository, and a medical image transaction workflow dispatcher, and wherein the computer program product further comprises computer program instructions that, when executed, cause a computer to carry out the steps of: receiving from the user the query of the one or more databases within the distributed medical administration computing environment including receiving, in the medical digital image communications protocol adapter, the query transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by the user; and creating an audit record and storing the audit record in an audit database further comprises selecting by the workflow dispatcher audit workflows and executing the audit workflows. 